Site Search Navigation

Site Navigation

Site Mobile Navigation

When Over-Sharing Leads to Problems

By Brad Stone April 23, 2010 1:29 pmApril 23, 2010 1:29 pm

2:59 p.m. | Updated Added Blippy’s explanation on its Web site of what went wrong.

In my article in Friday’s New York Times, I wrote about sites that let people share all kinds of personal information with the world, and about how these sites are embraced by users, despite possible privacy concerns. Now the blog VentureBeat has unearthed one of those problems involving a site I wrote about, Blippy, which lets people publish their credit card purchases online.

The blog found a Google results page that divulged the Citibank-issued Mastercard numbers for 127 transactions. Those numbers could be easily scooped up by identity thieves and used for fraudulent purposes.

In a phone interview Friday morning, Blippy’s co-founder, Philip Kaplan, said the card numbers in question belonged to four Blippy users. He explained that when people link their credit cards to Blippy, merchants pass along their raw transaction data — including some credit card numbers — and the site scrubs that information to present just the merchant and the dollar amount spent. But several months ago, when Blippy was being publicly tested, that raw transaction data was present in the site’s HTML code, where it was retrieved by Google.

Mr. Kaplan said that early on Blippy started disguising the raw transaction data behind the scenes, but it did not know about the breach until today. He added, “This still looks pretty bad.”

The company is trying to reach the four users about the exposure of their credit card numbers, Mr. Kaplan said, and is also asking Google to remove the results from its page. The company is also looking into why this appeared to have happened to only four users, he said.

Update: Blippy posted this explanation on its Web site. In the explanation the company says, “We contacted Google and they promptly removed the 4 credit card numbers from their cache, so they are no longer visible.”